package cn.summit.core.authentication.authorize;

import cn.summit.core.authentication.MyConstant;
import cn.summit.core.properties.SecurityProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

/**
 * @author summit
 * @since 2020/3/7 20:21
 */
public class CustomAuthorizeConfigurerProvider implements AuthorizeConfigurerProvider {


    @Autowired
    private SecurityProperties securityProperties;

    @Override
    public void confiure(
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {

        String[] noAuthUrl = {securityProperties.getAuthentication().getLoginPage(), "/code/image",
            MyConstant.mobile_from_url, MyConstant.mobile_page_url, "/mobile/form"};

        // 放行/login/page不需要认证可访问
        config.antMatchers(noAuthUrl).permitAll();

        // 其他请求都要通过身份认证
        config.anyRequest().authenticated();

    }
}
